ServiceNow research shows that security breaches increased in 2019

ServiceNow, a leading digital workflow company making work, work better for people, has released its second sponsored study on cybersecurity vulnerability and patch management, conducted with the Ponemon Institute.

The study, Costs and Consequences of Gaps in Vulnerability Response, found that despite a 24% average increase in annual spending on prevention, detection and remediation in 2019 compared with 2018, patching is delayed an average of 12 days due to data silos and poor organisational co-ordination. Looking specifically at the most critical vulnerabilities, the average timeline to patch is 16 days.

At the same time, the risk is increasing. According to the findings, there was a 17% increase in cyberattacks over the past year, and 60% of breaches were linked to a vulnerability where a patch was available, but not applied. The study surveyed almost 3,000 security professionals to understand how organisations are responding to vulnerabilities. In this report, ServiceNow presents the consolidated findings and comparisons to its 2018 study, Today’s State of Vulnerability Response: Patch Work Requires Attention.

The survey results reinforce a need for organisations to prioritise more effective and efficient security vulnerability management:

34% increase in weekly costs spent on patching compared to 2018

30% more downtime vs. 2018, due to delays in patching vulnerabilities

69% of respondents plan to hire an average of five staff members dedicated to patching in the next year, at an average cost of US$650,000 annually for each organisation

88% of respondents said they must engage with other departments across their organisations, which results in coordination issues that delay patching by an average of 12 days

The findings also indicate a persistent cybercriminal environment, underscoring the need to act quickly:

17% increase in the volume of cyberattacks in the last 12 months compared to the same timeframe in 2018

Nearly 27% increase in cyberattack severity compared to 2018

The report points to other factors beyond staffing that contribute to delays in vulnerability patching:

76% of respondents noted the lack of a common view of applications and assets across security and IT teams

74% of respondents said they cannot take critical applications and systems offline to patch them quickly

72% of respondents said it is difficult to prioritize what needs to be patched

According to the findings, automation delivers a significant payoff in terms of being able to respond quickly and effectively to vulnerabilities. Four in five respondents (80%) who employ automation techniques say they respond to vulnerabilities in a shorter timeframe through automation.

“This study shows the vulnerability gap that has been a growing pain point for CIOs and CISOs,” said Sean Convery, General Manager, ServiceNow Security and Risk.

“Companies saw a 30% increase in downtime due to patching of vulnerabilities, which hurts customers, employees and brands. Many organisations have the motivation to address this challenge but struggle to effectively leverage their resources for more impactful vulnerability management. Teams that invest in automation and maturing their IT and security team interactions will strengthen the security posture across their organisations.”

ServiceNow Security Operations

Vulnerability Response is part of ServiceNow Security Operations, a security orchestration, automation and response engine built on the Now Platform. Designed to help security teams respond faster and more efficiently to incidents and vulnerabilities, Security Operations uses intelligent workflows, automation and a deep connection with IT to streamline security response.
